What Is a Supply Chain Attack: Real Examples and How to Defend Against Them

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Supply chain attacks are strategically efficient for attackers: instead of compromising each target individually, compromising a single trusted vendor reaches thousands of customers simultaneously: each of whom trusts the vendor's software implicitly.
The SolarWinds attack reached the US Treasury, State Department, and hundreds of private organizations through a single compromised software update. The 3CX attack compromised financial sector organizations through their phone system software. XZ Utils nearly backdoored SSH on millions of Linux systems before being caught by one developer who noticed an anomalous performance difference.
The Three Primary Supply Chain Attack Vectors
Vector 1: Compromised software build pipeline (SolarWinds model)
Attackers compromise the vendor's build environment: the system that compiles source code into the final software binary. Malicious code is injected during the build process, so the final binary contains the attacker's payload while the source code remains clean.
The SolarWinds SUNBURST backdoor was injected into the Orion build system in October 2019. The compiled binary was code-signed by SolarWinds' legitimate certificate, making it indistinguishable from legitimate software. 18,000 customers installed it as a routine software update.
Defenses: Reproducible builds (verify that a given source code always produces the same binary output), code signing with keys stored in HSMs (hardware security modules), build environment isolation, software bill of materials (SBOM) generation and verification.
Vector 2: Malicious open-source packages (dependency confusion / typosquatting)
Attackers publish malicious packages to public package registries (npm, PyPI, RubyGems) with names that match popular packages or internal package names. Developers or automated build systems install the malicious package.
Examples: typosquatting (publishing reequests to catch requests installation typos), dependency confusion (publishing a higher-versioned package with the same name as an internal package), and direct compromise of popular open-source packages (the 3CX attack used a compromised Electron framework component).
Defenses: Software composition analysis (SCA) tools that check all dependencies against vulnerability databases and anomaly baselines (Snyk, OWASP Dependency-Check, GitHub Dependabot), lockfile enforcement, private registry mirroring.
Vector 3: Compromised vendor infrastructure (3CX model)
The vendor's own infrastructure: update servers, authentication systems, or distribution platforms: is compromised. Customers who connect to the vendor's services receive malicious content through what appears to be a legitimate vendor connection.
The 3CX attack compromised the company's Electron desktop application by first compromising a financial software company (Trading Technologies) whose software 3CX employees had installed. The malicious 3CX update was then distributed to 600,000 customer organizations: a two-stage supply chain attack.
The XZ Utils Case Study: Almost the Perfect Backdoor
In March 2024, a Microsoft developer named Andres Freund noticed that SSH login on systems running the newest version of liblzma (part of XZ Utils, a compression library) was taking 500ms longer than expected. He investigated, found an obfuscated backdoor, and reported it: stopping what was likely a nation-state-sponsored 2-year social engineering campaign before it reached production Linux distributions.
How the attack worked:
- A persona named 'Jia Tan' began contributing to the XZ Utils open-source project in 2021: providing legitimate bug fixes and improvements
- Over two years, Jia Tan built trust with the project's main maintainer, eventually gaining commit access
- In 2024, Jia Tan introduced obfuscated malicious code into the XZ Utils build scripts that inserted a backdoor into liblzma
- The backdoor was designed to intercept and authenticate RSA public key operations in systemd-linked SSH connections: allowing the attacker to authenticate to any affected system using a private key only they possessed
- The compromised version was included in the Fedora Rawhide and several Debian sid distributions before detection
Why it was almost missed:
- The malicious code was obfuscated across multiple commits and binary test files: not obvious from a diff
- The behavioral change (500ms SSH delay) was subtle enough that most users would attribute it to normal variation
- The attacker had spent 2 years building a legitimate contributor reputation
What detection looked like: CPU profiling of SSH connections showed unexpected time in liblzma code. This was only caught because one developer's performance instincts were unusually sharp and he did not accept the performance anomaly as normal.
Lessons: Even trusted open-source contributors can be adversarial, review of binary artifacts in source repositories is important (the malicious payload was partially hidden in binary test files), and behavioral anomalies: even minor ones: in critical system libraries deserve investigation.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
Defensive Controls for Each Vector
For commercial software supply chain (SolarWinds vector):
-
Vendor security assessments: Before deploying software with privileged access (endpoint agents, monitoring tools, network management), require the vendor to provide their SOC 2 Type II report, answer a vendor security questionnaire covering their build environment, and demonstrate code signing key management practices.
-
Network segmentation of vendor software: Software agents that require network access should be isolated in a management network segment with monitoring of their outbound connections. Anomalous outbound connections from a monitoring agent (the SolarWinds indicator) are detectable if baseline behavior is established.
-
Privileged access review for vendor software: Audit what permissions vendor software requires. An IT monitoring tool that needs Domain Admin access is a risk multiplier: minimize permissions to what the software actually needs.
For open-source dependency supply chain:
# Software Composition Analysis: scan all dependencies for known CVEs and anomalies
# Snyk (free tier available)
snyk test
snyk monitor # Continuous monitoring
# OWASP Dependency-Check (free, open-source)
dependency-check.sh --project MyProject --scan /path/to/project --out ./reports
# GitHub Dependabot (built into GitHub repos)
# Enable in repository Settings > Security > Code security and analysis
- Generate and maintain an SBOM (Software Bill of Materials):
# Generate SBOM for a container image
synk sbom --file Dockerfile --format cyclonedx-json
# Or with Syft (open-source)
syft scan image:latest -o spdx-json > sbom.json
An SBOM gives you a complete inventory of dependencies: when a new vulnerability is disclosed, you can immediately determine whether you are affected.
For detecting compromised software behavior:
-
Application allow-listing: Tools like AppLocker (Windows) or WDAC prevent unauthorized binaries from executing: an injected payload binary would be blocked if not in the allow list.
-
Network behavior baselining for trusted software: Establish what outbound connections each piece of privileged software makes in normal operation. Alert when a monitoring agent, security tool, or management software makes a connection to an IP or domain outside its baseline: this was the detectable indicator in the SolarWinds case.
The bottom line
Supply chain attacks compromise trusted software distribution channels to reach downstream customers: bypassing their security controls because the payload arrives via a trusted, signed update. Three attack vectors require distinct defenses: compromised build pipelines (vendor security assessments, SBOM, network behavior baselining for vendor software), malicious packages (SCA tools, lockfile enforcement, private registry mirroring), and compromised vendor infrastructure (network segmentation, privileged access minimization, behavioral anomaly monitoring). No single control stops all supply chain attacks: defense requires visibility into what software is installed, what it does, and what it connects to.
Frequently asked questions
What is a software supply chain attack?
A supply chain attack compromises a trusted vendor, software package, or development tool to deliver malicious code to the vendor's customers through legitimate software distribution channels. The customer installs what appears to be a trusted, signed update: but the payload is attacker-controlled. SolarWinds (2020), 3CX (2023), and XZ Utils (2024) are the most significant recent examples.
How do you defend against supply chain attacks?
Three defenses by attack vector: for commercial software: vendor security assessments and network behavior baselining to detect anomalous outbound connections from trusted software; for open-source dependencies: software composition analysis (Snyk, Dependabot) and SBOM generation; for compromised build pipelines: reproducible builds, SBOM verification, and network segmentation of privileged vendor software.
What is an SBOM and how does it help with supply chain security?
A Software Bill of Materials (SBOM) is a structured inventory of all components in a software product: libraries, packages, versions, licenses, and their dependency relationships. SBOMs enable faster response to supply chain incidents: when a new vulnerability is disclosed (e.g., Log4Shell), organizations with SBOMs can query 'which of our products use log4j?' in minutes rather than spending days manually checking each codebase. SBOM formats include SPDX (ISO standard) and CycloneDX (OWASP standard). The US Executive Order on Cybersecurity (2021) requires SBOMs for software sold to the federal government. Generate SBOMs as part of your CI/CD pipeline using tools like Syft or CycloneDX's language-specific generators.
What was the SolarWinds supply chain attack and why was it significant?
The SolarWinds attack (2020) was a nation-state (SVR/Cozy Bear) operation that compromised SolarWinds' Orion build pipeline and inserted malware (SUNBURST) into signed software updates delivered to approximately 18,000 customers. The malware remained dormant for 12-14 days after installation, then began exfiltrating data and providing remote access. It affected US government agencies (Treasury, State Department, DHS, NSA) and major technology companies. Its significance: it demonstrated that trusted, signed software from legitimate vendors can be weaponized at scale; that build pipeline security is as important as product security; and that traditional perimeter defenses provide no protection against backdoored updates from trusted vendors.
How do I assess the security of my software vendors?
Vendor security assessment for software suppliers should cover: (1) Development security practices (SSDLC, code review, penetration testing frequency); (2) Build pipeline security (code signing, dependency pinning, pipeline access controls); (3) Incident notification SLAs (how quickly will they notify you of a breach affecting your data?); (4) SOC 2 Type II or ISO 27001 certification for baseline security posture; (5) Vulnerability disclosure program (how do they handle reported vulnerabilities?). For critical vendors with privileged access to your environment, also assess network segmentation of the software on your end: does it need outbound internet access? Can you restrict it to known good destinations?
How do lockfiles and dependency pinning reduce open-source supply chain risk?
Lockfiles (package-lock.json for npm, Pipfile.lock for Python, Gemfile.lock for Ruby, go.sum for Go) record the exact version and cryptographic hash of every dependency installed during a successful build: both direct dependencies and transitive dependencies (dependencies of dependencies). When a lockfile is committed to source control and builds are required to use it, two supply chain risks are eliminated. First, version range attacks: a package.json that specifies 'lodash ^4.17.11' installs the newest patch release matching that range at build time. An attacker who compromises lodash and releases version 4.17.20 with malicious code gets installed automatically in the next build if you use ranges without a lockfile. A lockfile pins the exact version and hash: 4.17.11 specifically, and any other version fails the integrity check. Second, dependency confusion attacks: organizations with private package registries are vulnerable to an attacker publishing a higher-versioned public package with the same name as a private internal package. Lockfiles with hash verification prevent this by requiring that the exact hash match the recorded value. Beyond lockfiles, use npm audit, pip-audit, or bundler-audit in your CI pipeline to check for known CVEs in pinned dependencies. Configure Dependabot or Renovate to open automated pull requests when a dependency has a security patch: this keeps you current on patched versions without manual tracking. For the highest security posture, mirror dependencies through a private registry (Artifactory, Nexus) so your builds never pull directly from public repositories.
Sources & references
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
